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THE 2H'2021 CYBER RISK INDEX (CRI) 


Trend Micro, in conjunction with Ponemon Institute, presents the fifth edition of the Cyber The CRI is composed of two 
Risk Index (CRI). This comprehensive index aims to measure an organization's readiness to : individual indices: 
respond to different types of cyber attacks. : 


+ Cyber preparedness index: 
The 2H'2021 version of the CRI was developed from a survey conducted by Ponemon Representing an organization's 


Institute. This includes more than 3,400 ClSOs, and IT practitioners and managers across readiness to defend against 
the regions of North America, Europe, Latin/South America, and Asia-Pacific. : cyber attacks. 





* Cyber threat index: The state of 
the threat landscape at the time 
the CRI was determined. 


The CRI is calculated by subtracting the cyber threat index from the cyber 
preparedness index. The scale is +10 to -10, with -10 representing the highest risk 


CYBER RISK INDEX 2H'2021 
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Three of four regions show an elevated risk (negative CRI number), with Latin/South America having the 
highest risk level compared to the other three regions. This is due to Latin/South America having 
a lower perceived readiness than the other regions. Asia/Pacific has a positive CRI (moderate risk) 
due to improved preparedness and perception that the threat landscape has improved 
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The past three CRI editions have included North America, Europe, and Asia-Pacific with Latin/South America included in last two. As 
you see below, other than Latin/South America, the CRI has improved (lower risk) in the other three regions. This is mainly due to 
improved cyber preparedness and a lower cyber threat index. Many of the changes were due to effects of the pandemic and shifts in 
organizations supporting more work-from-home (WFH) employees while accelerating their cloud adoption. 


REGIONAL CYBER RISK INDEX TRENDS 
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THE PRIMARY BUSINESS RISKS 


The top cybersecurity risk factors businesses face can be broken down into five categories, based on the top concerns from 
respondents across the four regions: 


Top five cyber threats 
1. Ransomware 
2. Phishing and social engineering 
3. Denial of service (DoS) 
4. Botnets 
5. Man-in-the-middle attack 


Top five data types at risk 
o “My organization is not well prepared to deal with data breaches and cybersecurity exploits” 
o “My organization's enabling security technologies are not sufficient to protect data assets and IT infrastructure” 
o “My organization's IT security function is not able to contain most cyber attacks” 


Human capital risk 
o “My organization's IT security leader (CISO) doesn't have sufficient authority and resources to achieve a strong security posture” 
o “My organization's IT security leader does not report to senior leadership (Such as the CEO, COO, or CIO)" 
o “My organization's IT security personnel do not have sufficient knowledge, skill, and expertise to protect data assets and IT infrastructure” 




















Top five infrastructure risks 
1. Mobile/remote employees 
2. Cloud computing infrastructure and providers 
3. Across third-party applications 
4. Malicious insiders 
5. Mobile devices, such as smart phones 


Operational risk 
o “My organization's IT security function lacks support of security in the DevOps environment" 


o “My organization's IT security function does not strictly enforce acts of non-compliance to security policies, standard 
operating procedures, and external requirements” 


o “My organization's IT security function lacks compliance with data protection and privacy requirements” 












WHAT BUSINESSES STAND TO LOSE 


While any information a business possesses is prone to data loss or theft, these five 


information 


on results from the survey. 
1. R&D information 
2. Financial information 
3. Business communication (ema 


4. Compa 





5. Trade secrets 


In looking a 





types are the ones that present the greatest risk for an organization-based 


il) 
ny-confidential information 


t the above results, it is clear that organizations put the most emphasis on 


the data that could cause repercussions for the business if it was stolen or compromised. 
Top concerns (negative consequences) of a successful cyber attack are: 

o Stolen or damaged equipment 

Cost of outside consultants and experts 


Reputation or brand damage 
Regulatory actions or lawsuits 


o 

o Customer turnover 
O 

O 





THE GREATEST CYBERSECURITY CHALLENGES FOR BUSINESSES 


The polled organizations determ 


their 


preparedness areas of concern for 


ined their risk factors based on the effectiveness of 


security functions. Based on the global survey results, these are the greatest 


businesses: 


o People: “My organization's IT security leader (CISO) does not have sufficient 
authority and resources to achieve a strong security posture" 


o Process: “My organization's IT 


of non-compliance to security 





external requirements” 


o Technology: “My organization 
edged security technologies, such as machine learning, automation, orchestration, 
analytics, and/or artificial intelligence (Al) tools” 


PROTECTING BUSINESSES FROM CYBER THREATS 


Takin 





global businesses can still effective 
practices. These include: 


Q 


dentifying and building securi 
management and the threats 


inimizing infrastructure com 
security stack 























includes extended detection a 








Getting senior leadership to view security as a competitive advantage 


mproving the ability to protect the business environment, including properly 
securing, bring your own device (BYOD), internet of things (loT) and industrial loT 
devices (IloT), and cloud infrastructure 


nvesting in both new talent and existing security personnel to help them keep up 
with the rapidly evolving threat landscape, as well as improve retention 


Reviewing existing security solutions with the latest technologies to detect 
advanced threats like ransomware and botnets 


mproving IT security architecture with high interoperability, scalability, and agility 
Discuss with your security partner how a unified cybersecurity platform that 


security function lacks enforcement on acts 
policies, standard operating procedures, and 


does not make appropriate investments in leading- 





g the current threat landscape into consideration and based on the CRI findings, 


y minimize their risks by implementing security best 


y around critical data by focusing on risk 
hat could target this data 


mplement attack surface discovery to identify both internal and external systems, 
accounts, devices that you have 





plexity and improving alignment across the whole 








nd response (XDR) capabilities to improve your 


visibility and response to attacks 
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Key takeaways for businesses 


Our findings show that global 
businesses have a very high chance 
of being affected by a cyberattack 
(Note, these are all down from the 
previous CRI survey in 1H'2021). 


* Likelihood of a data breach 
of customer data in the next 
12 months: 67%. 


* Likelihood of a data breach 
of critical data (IP) in the next 
12 months: 71%. 











* Likelihood of one or more 
successful cyberattacks in the 
next 12 months: 76%. 
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